Details of VAR-201810-0619

ID

VAR-201810-0619

CVE

CVE-2018-15403

TITLE

plural Cisco Open redirect vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-010857

DESCRIPTION

A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. plural Cisco The product contains an open redirect vulnerability.Information may be obtained and information may be altered. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. Cisco Emergency Responder, etc. are all products of Cisco (Cisco). Cisco Emergency Responder is an emergency call software in an IP communication system. Finesse is a next-generation customer collaboration service solution

Trust: 1.98

sources: NVD: CVE-2018-15403 // JVNDB: JVNDB-2018-010857 // BID: 105696 // VULHUB: VHN-125659

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager im and presence service	scope:	eq	version:	10.5\(1\)	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(1\)es23	Trust: 1.6
vendor:	cisco	model:	emergency responder	scope:	eq	version:	11.5\(4.59000.1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager im and presence service	scope:	eq	version:	12.5\(1\)	Trust: 1.6
vendor:	cisco	model:	emergency responder	scope:	eq	version:	12.0\(1.40000.3\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.0\(1.10000.10\)	Trust: 1.6
vendor:	cisco	model:	emergency responder	scope:	eq	version:	12.5\(0.98000.110\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager im and presence service	scope:	eq	version:	12.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	12.0\(1.10000.10\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager im and presence service	scope:	eq	version:	10.5\(2\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2.10000.5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.10000.6\)	Trust: 1.0
vendor:	cisco	model:	emergency responder software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified communications manager im and presence service	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unity connection	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unity connection	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications manager im and presence service	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	-	Trust: 0.3
vendor:	cisco	model:	emergency responder	scope:	-	version:	-	Trust: 0.3

sources: BID: 105696 // JVNDB: JVNDB-2018-010857 // CNNVD: CNNVD-201810-194 // NVD: CVE-2018-15403

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15403
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15403
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-194
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125659
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15403
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125659
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15403
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-125659 // JVNDB: JVNDB-2018-010857 // CNNVD: CNNVD-201810-194 // NVD: CVE-2018-15403

PROBLEMTYPE DATA

problemtype:

CWE-601

Trust: 1.9

sources: VULHUB: VHN-125659 // JVNDB: JVNDB-2018-010857 // NVD: CVE-2018-15403

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-194

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201810-194

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010857

PATCH

title:	cisco-sa-20181003-er-ucm-redirect	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-er-ucm-redirect	Trust: 0.8
title:	Multiple Cisco Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85408	Trust: 0.6

sources: JVNDB: JVNDB-2018-010857 // CNNVD: CNNVD-201810-194

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15403	Trust: 2.8
db:	SECTRACK	id:	1041789	Trust: 1.7
db:	SECTRACK	id:	1041780	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-010857	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-194	Trust: 0.7
db:	BID	id:	105696	Trust: 0.3
db:	VULHUB	id:	VHN-125659	Trust: 0.1

sources: VULHUB: VHN-125659 // BID: 105696 // JVNDB: JVNDB-2018-010857 // CNNVD: CNNVD-201810-194 // NVD: CVE-2018-15403

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-er-ucm-redirect	Trust: 2.0
url:	http://www.securitytracker.com/id/1041780	Trust: 1.7
url:	http://www.securitytracker.com/id/1041789	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15403	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15403	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-125659 // BID: 105696 // JVNDB: JVNDB-2018-010857 // CNNVD: CNNVD-201810-194 // NVD: CVE-2018-15403

CREDITS

Cisco

Trust: 0.3

sources: BID: 105696

SOURCES

db:	VULHUB	id:	VHN-125659
db:	BID	id:	105696
db:	JVNDB	id:	JVNDB-2018-010857
db:	CNNVD	id:	CNNVD-201810-194
db:	NVD	id:	CVE-2018-15403

LAST UPDATE DATE

2024-11-23T21:38:15.506000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125659	date:	2019-10-09T00:00:00
db:	BID	id:	105696	date:	2018-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-010857	date:	2018-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201810-194	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-15403	date:	2024-11-21T03:50:42.907

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125659	date:	2018-10-05T00:00:00
db:	BID	id:	105696	date:	2018-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-010857	date:	2018-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201810-194	date:	2018-10-08T00:00:00
db:	NVD	id:	CVE-2018-15403	date:	2018-10-05T14:29:08.687